Everything you need to know about General Data Protection Regulation

Whether you’re in management or not, you’ll be affected by the General Data Protection Regulation that came into force in May 2018 as these new laws affect every business in the UK, as well as Europe. The impact of any change in the law is always felt immediately so workers around the continent are having to take a little extra care handling data that’s been on record with their firm for months or years. In the long term, the major changes this law brings into effect will make life better for everyday folk as it’ll be harder for major firms to exploit their personal information for financial gain.

CC0/DigitalArtist/Pixabay

What's it all about?

The regulations sound a little contrived when you read them but what they aim to achieve is very straightforward. Businesses store data about former customers and clients that they can use to market new products and service to the old user. That’s fine but from now on you’ll be able to ask firms what information they store on you and you’ll have what’s called the “right of erasure”. That means you can now force firms to erase the data they hold on you.

Rights and powers

This law doesn’t just apply to European companies, it applies to all firms doing business in the continent. Any firm that processes personal data of people who lie live in the European Union is affected by this law but what exactly is “personal data”? The definition of “personal data” as set out in GDPR is any information that can be used to identify an individual. The examples given include names, photos, email addresses, IP addresses, bank details, medical information, posts on social media, sexual orientation and biometric details.

Purpose of Europe’s new law

Reading the wording and understanding the meaning will give you a surface understanding of this European legislation but it won’t explain why the law has been put in place. This regulation replaces the 1995 data protection directive that was outdated and inadequate now that we live our lives online. GDPR gives consumers a little more control over the data that’s accumulating in the background whenever they click on a link or search for an item. It’s probably not news to you, but Google collects data as you search and they use this information to decide which ads to show you. That’s why the adverts are so well targeted to you at that specific time. If you’ve searched for a new car recently, Google Ads will populate with adverts for cars. It’s this sort of abuse of power that the new law seeks to remove.

Facebook

Mark Zuckerberg’s firm is another that extracts data from its users for commercial gain. The way Facebook collects data and the way it asks users for their consent has changed now because of GDPR. Will those changes make their way across the Atlantic to help protect the rights of citizens in North America? We’re not sure that Facebook will change a winning formula until they really have to.

What have Facebook and Google done to comply?

Facebook has its headquarters in Ireland so you’d expect all users to be covered by GDPR. They’re not. Those outside of Europe is now covered by very lenient US privacy laws so users outside of Europe will still be tracked when they’re online with Facebook. Google is putting the onus on publishers who make money through Google Ads. The publishers rather than Google are being asked to obtain consent from users. Companies can be fined up to 4% of their global revenue if they don’t comply with the ruling so this regulation will hit the likes of Zuckerberg where it hurts the most – their bottom-line.